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DETAILED ACTION 
Continued Examination Under 37 CFR LI 14 
A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1. 17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 06/12/06 has been entered. 



Response to Arguments 

Applicant's arguments filed 06/12/06 have been fully considered. 

Applicant argued that the office asserts, without support, that Challener et al. discloses 
the communication module is capable transmitting both the anonymously mapped identifier 
portion and the unmapped research data portion of the working data to the receiver. This is not 
found persuasive because Challener does indeed disclose the anonymously mapped identifier 
portion (Fig. 9B) and unmapped research data portion of the working data to the receiver (Fig. 
9C). The communication module's ability to transmit the data is taught by Fig. 9D. 

The applicant argues further that the meaning of working data identifier set domain 
should involve a domain which is associated with an identifier set which is associated with 
working data. This is not found persuasive because the claim language does not claim "a domain 
which is associated with an identifier set and which is associated with working data." 
Furthermore the appUcant does not provide a definition of working data identifier set domain. 
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Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-2, 7-8, 16-19, 20-21, 25-26, 34-37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Challener (6,081,793) in view of Mital (5,903,652) and fiirther in of the article 
by Shamir ("How to Share a Secret"). 

In reference to claims I and 20, a communication module for establishing a 
communication connection between a sender of one working data identifier set domain and a 
receiver in a different working data identifier set domain (Fig. 1); a mapping module coupled to 
the communication module for anonymously mapping working data of the one working data 
identifier set domain to working data of the different working data identifier set domain, the 
working data having (i) a research data portion and (ii) an identifier portion related to identifying 
persons associated with the research data portion (column 7 lines 1-37), the mapping module 
mapping the identifier portion of the working data in the one working data identifier set domain 
to the identifier portion of the working data in the different working data identifier set domain 
such that the working data transmitted to the authorized receiver is anonymous data, while 
leaving the research data portion unmapped by the anonymous mapping of the identifier portions 
(authentication server Fig. 7 and column 7 lines 50-67); and a secret sharing module for 
performing secret sharing to control key holder access to the mapping module (parts 379, 391, 
439 Fig. 7); the apparatus communicating between parties comprising at least the sender (part 
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225 Fig. 1 A) and the receiver (part 229 Fig. 1 A) in at least two different working data identifier 
set domains (column 7 lines 38-67 in combination with column 8 lines 45-52). 

The applicant does not define working data identifier set domain. The definition of 
working data identifier set domain is data that devices process that are divided into sets. 
Although Challener does not describe that data that is processed by the authentication server and 
the results server as working data identifier set domain, the data sets that the authenticator and 
the resuhs server process are different sets of data. The authenticator processes that 
identification data and the results server processes that ballot. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to describe the data processed by the authentication server and the results server of 
Challener as working data identifier sets. One of ordinary skill in the art would have been 
motivated to do this because the data revealed to the different servers in system of Challener is 
separated by encryption so that the voter cannot be identified from their ballot (column 10 line 
51-67). 

Although Challener discloses transmitting anonymously mapped identifier portion and 
the unmapped research data portion of the working data to the receiver, the mapping module of 
Challener is not capable of accessing both the identifier portion and the research data portion of 
the working data. 

Mital discloses a system wherein the communication module is capable of transmitting 
both the anonymously mapped identifier portion and the unmapped research data portion of the 
working data to the receiver (column 7 line 65 column 8 line 14). The system of Mital further 
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discloses that the mapping module is capable of accessing both the identifier portion and the 
research data portion of the working data (column 27 Unes 54-61). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to make the mapping module capable of accessing both the identifier portion and 
the research data portion of the working data as in Mital and therefore allowing the viewing of 
data, but disallowing access using encryption in the system of Challener. One of ordinary skill in 
the art would have been motivated to do this because it would provide access to portions of 
information that are required by specific users while denying access by use of encryption to data 
that requires hiding from certain users. 

Although Challener teaches encryption and therefore the use of keys, Challener does not 
disclose a predetermined number of keyholders greater than one is required d to compromise 
access to the mapping module. 

Shamir teaches a hot to divide data into n pieces in such a way that the data is easily 
reconstructable from any k pieces, but even complete knowledge of k-1 pieces reveals absolutely 
no information about D (abstract). The method is an efficient threshold scheme for the 
management of keys. Therefore Shamir teaches a method for sharing a predetermined number of 
keyholders greater than one is required d to compromise access to the mapping module (page 
612). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to divide the key into different shares for multiple key holders as in the process 
taught by Shamir in the system of Challener. One of ordinary skill in the art would have been 
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motivated to do this because the scheme is ideally suited to application in which a group of 
mutually suspicious individuals with conflicting interests must cooperate (Shamir page 612). 

In reference to claims 2 and 21, a system is disclosed wherein the research data portion 
of the working data includes personal data of individuals (column 7 lines 1-10 and 55-60). 

In reference to claims 7 and 25, Challener discloses permanent storage means for storing 
data in a tamper-proof manner (Fig. IC and Fig. 7). 

In reference to claims 8 and 26, wherein the permanent storage means encrypts non- 
queried parts of the data, said encryption using an encryption key, and the secret sharing module 
storing the encryption key (part 377 Fig. 7). 

In reference to claims 16 and 34, wherein connection of the sender and receiver are 
respectively one of a software implementation and a human being. 

Although Challener discloses the sender being a software implementation (authentication 
server has software running on it), Challener does not disclose the receiver being a human being 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to send the ballots of Challener to a human being. One of ordinary skill in the art 
would have been motivated to do this because the human being would have interest in the results 
of the ballot for voting purposes. 

In reference to claims 17 and 35, wherein connection of the sender and receiver is in 
respective different sessions. 

Although Challener discloses the sender and the receiver viewing different forms of the 
information, Challener does not expressly disclose the sender and the receiver connection is in 
respectively different sessions 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to connect the receiver and sender in different session. One of ordinary skill in the 
art would have been motivated to do this because the receiver is interested in the result of the 
ballot and therefore connection of the receiver is advantages after the voting has occurred and 
therefore in a separate session. 

In reference to claims 18 and 36, wherein the communication module fiirther enables 
communication connection by a supervisor in addition to the sender and receiver (part 227 Fig. 
lA). 

In reference to claims 19 and J 7 wherein the communication connection by the 
supervisor enables remote operation of the apparatus by the supervisor (Fig. IC). 

Claims 3-4, 9-12, 22-23, 27-30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Challener and further in view of Mital and Shamir as appUed to claims 1 and 20 above, and 
further in view of Schneier. 

In reference to claims 3 and 22, Challener discloses encrypting working data transmitted 
over the channel (Fig. 1), However Challener does not disclose authenticating the sender and 
receiver, resulting in an authorized sender and authorized receiver. 

Schneier discloses a method of mutual authentication using the SKID, so that the sender 
and receiver know that they are talking to each other (page 54-57). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use mutual authentication as in Schneier in the system of Challener. One of 
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ordinary skill in the art would have been motivated to do this because the sender and receiver 
would be assured that they are talking to each other. 

In reference to claim 4 and 23, a system is disclosed wherein the mapping module 
employs encryption in the mapping of working data in the domain to working data in the 
different domain such that the working data transmitted to the authorized receiver is anonymous 
data (column 6 lines 14-59). 

In reference to claims 9 and 27, Challener does not expressly disclose a system wherein 
the permanent storage means employs digital signatures on queried parts of the data to detect 
changes in data and thereby prevent tampering. 

Schneier discloses a system of blind signatures where the document is signed and the 
person does not know what they are signing (pages 112-114), Digital signatures are used to 
detect changes in the data. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use blind signatures as in Schneier in the system of Challener. One of ordinary 
skill in the art would have been motivated to do this because the person that signed the document 
can verify that they signed it, but will not know the contents of the document. 

In reference to claims 10 and 28, Challener discloses the concatenation of the encryption 
key and data (column 5 Unes 42-54), however Challener does not disclose digital signature is 
formed from a message digest. 

Schneier discloses generating a message digest using a one-way hash and then signing 
the message digest (pages 38-39). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to sign a message digest as in Schneier in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because it is a increases the speed 
of signing documents. 

In reference to claims 11 and 29, Challener does not disclose a system wherein the 
permanent storage means maintains a summary measure of stored data 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a summary measure of stored data in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because it enable the reconstruction 
of data in the case of corruption of the original. 

In reference to claims 12 and 30, Challener does not disclose a system wherein said 
summary measure has a respective digital signature. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a summary measure of stored data that has a digital signature in the 
system of Challener. One of ordinary skill in the art would have been motivated to do this 
because it would enable the detection of changes to the summary measure. 

Claims 13-15, 31-33, and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Challener and further in view of Mital and Shamir as applied to claims 1 and 20 above, and 
further in view of Ansell et al (6,151,63 1). 

In reference to claims 13 and 31, Challener does not expressly disclose storing a mapping 
table having cross-references between identifier portions of working data of the two domains 
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However Ansell discloses storing a mapping table (fig. 13 part 1306), the mapping table 
having cross-references between identifier portions of data of different domains (fig. 13 parts 
1302 and 1304) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 

In reference to claims 14, 32, and 38, Challener does not disclose a system wherein the 
mapping module stores a mapping table for plural domains, the mapping table being formed of 
(i) an index section and (ii) a working reference section, the index section indicating identifier 
portion of working data in a first subject domain and the working reference section indicating 
corresponding identifier portion in a second domain, the working reference being encrypted, 
such that the mapping module performs decryption on a part of the mapping table to determine 
usable cross reference of the working data. 

However Ansell discloses a system wherein the mapping module stores a mapping table 
for plural domains (Fig. 13 part 1306), the mapping table being formed of (i) an index section 
and (ii) a working reference section, the index section indicating identifier portion of working 
data in a first subject domain and the working reference section indicating corresponding 
identifier portion in a second domain, the working reference being encrypted, such that the 
mapping module performs decryption on a part of the mapping table to determine usable cross 
reference of the working data (Fig. 3). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 

In reference to claims 15 and 33, Challener does not disclose a system wherein the 
mapping module maps working data among plural domains. 

Ansell disclose a system wherein the mapping module maps working data among plural 
domains (Fig. 13 part 1306). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 

Claim 39 is rejected under 35 U.S.C. 103(a) as being unpatentable over Challener and 
further in view of Mital and Shamir as appUed to claim 1 above, and further in view of Coss et al 
(EP0 909 074 Al). 

Challener discloses a system with a secure container (part 30 in Fig, 1); a computer 
system executing the communication module and the mapping module (part 30 in Fig. 1). 

However Challener does not disclose a firewall coupled to the computer system, the 
firewall being housed by the secured container so as to provide tamper-proof hardware. 

Coss discloses a system with a firewall with the capability for supporting multiple 
domains (Page 4 paragraph 0025). Firewalls include tamper-proof hardware by definition. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a firewall capable of supporting multiple domains as in Coss in the 
system of Challener. One of ordinary skill in the art would have been motivated to do this 
because firewalls prevent unauthorized access in computer networks. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854, 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for pubUshed appHcations 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-^^7-9197 (toll-free). / J 
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